PyPI · pypi.org

rh-model-signing

Remote Payload: matched "cUrl "

Why PkgRadar flagged 1.0.3

Severity	Signal	Evidence
medium	Remote Payload	matched "cUrl " · rh_model_signing-1.0.3/generate-trust-config.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.3`	Review	12	2026-06-08

Block this in CI

PkgRadar gates rh-model-signing (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi rh-model-signing==1.0.3